two years, but has code that is decades old. The Fruitfly malware library can also run on Linux systems. If Fruitfly's code is so ancient, why does it still work? And why wasn't it discovered earlier? How can enterprises secure their Mac and Linux devices?

Effective code, algorithms and techniques typically have very long lifespans, and they often get included in more places than was initially anticipated.

One of the key practices of software development is code reuse, which enables developers to reduce the time necessary to develop and test their code. It appears the authors of the Fruitfly Mac malware had this in mind when they wrote the code.

Malwarebytes' analysis showed that this cross-platform malware uses APIs that go back decades. Apple and other operating system developers know that APIs have very long lifespans; changing how an API works could break legitimate programs, so backward compatibility is maintained for as long as possible. Malwarebytes reported that Fruitfly Mac malware could have evaded detection by limiting the targets of its attacks. Macs do not face as many malware attacks as some Windows systems, and may not be as carefully monitored, which also could have reduced the likelihood of the malware being identified.

Enterprises can secure their Mac and Linux devices the same way they secure their Windows systems, by keeping the systems up to date with patches, managing the systems with the least privileges necessary, using secure configurations and monitoring the systems. The standards and specific configuration settings will differ from Windows systems, but the same general steps can be used. Some system management tools are multi-platform and can manage Windows, Macs and Linux systems. These same steps haven't significantly changed in a long time.

As for the specific case of Fruitfly Mac malware, using a file integrity monitor could alert enterprises when an unknown binary is run on a system, which could then be investigated to determine more details on the attack. The initial indicator of compromise was suspicious network traffic originating from an infected endpoint.
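The file integrity monitoring approach described above can be illustrated with a minimal baseline-and-compare check. This is an added example, not code from TechTarget, Malwarebytes or any FIM product: it hashes every regular file under a monitored directory, stores the hashes as a baseline, and on the next run reports files that were added, modified or removed. The directory layout and file contents in `demo()` are constructed for the example; a real deployment would store the baseline outside the monitored host and watch the paths where binaries and launch agents live.

```python
"""Minimal file integrity monitor (FIM): baseline SHA-256 hashes of a directory
tree and report files that were added, modified or removed. Added illustration,
not TechTarget's or Malwarebytes' code; the paths used in demo() are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256.
    Symlinks are skipped so an attacker-controlled link cannot hide a swapped target."""
    baseline: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_file() and not full.is_symlink():
                baseline[full.relative_to(root).as_posix()] = sha256_file(full)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Return the paths that were added, modified or removed since the baseline."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, then simulate an unknown binary being
    dropped into a monitored directory, a known script being altered and a tool removed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "known_tool").write_bytes(b"#!/bin/sh\necho ok\n")
        (root / "bin" / "helper.sh").write_bytes(b"#!/bin/sh\nexit 0\n")
        baseline = build_baseline(root)

        # Simulated changes after the baseline was taken (constructed, not real malware).
        (root / "bin" / "unknown_binary").write_bytes(b"\x7fELF constructed sample\n")
        (root / "bin" / "helper.sh").write_bytes(b"#!/bin/sh\nexit 1\n")
        (root / "bin" / "known_tool").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

An "added" entry in a directory that should only contain vetted binaries is the alert the article describes: an unknown executable that warrants investigation. Correlating such an alert with the outbound connections from the same endpoint ties the file finding to the network indicator that first revealed Fruitfly.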
